<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
<html><head>


<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Nessus Scan Report</title>
<style type="text/css" media="all"> 
BODY {BACKGROUND-COLOR: #2a4d66; font-family: tahoma,helvetica,sans-serif; font-size: 13px}
A {TEXT-DECORATION: none}
A {COLOR: #333; FONT-FAMILY: tahoma,helvetica,sans-serif; font-size: 13px}
A:link {COLOR: #333; FONT-FAMILY: tahoma,helvetica,sans-serif; TEXT-DECORATION:underline;font-size:13px}
A:active {COLOR: #333; FONT-FAMILY: tahoma,helvetica,sans-serif; TEXT-DECORATION:underline;font-size:13px}
a:hover {color: #000; font-family: tahoma,helvetica,sans-serif; text-decoration:none;font-size:13px}
TD {COLOR: #333; FONT-FAMILY: tahoma,helvetica,sans-serif; FONT-SIZE:13px; word-wrap:break-word;}
TR {COLOR: #333; FONT-FAMILY: tahoma,helvetica,sans-serif; FONT-SIZE:13px}
.even {background-color: #FFF;}
.odd {background-color: #DCDCDC;}
.sev_low {color: #397AB2}
.sev_med {color: #FDBE00}
.sev_high {color: red}
.ip_sev_low {color:#397AB2;font-weight:bold;font-size:1.5em;padding:3px}
.ip_sev_med {color:#FDBE00;font-weight:bold;font-size:1.5em;padding:3px}
.ip_sev_high {color:red;font-weight:bold;font-size:1.5em;padding:3px}
.hostlist {color:#FFF;font-size:2em;font-weight:bold;padding:3px}
.backTo a {color:#FFF;font-family:tahoma,helvetica,sans-serif;text-decoration:underline}
.backTo a:link {color:#FFF;font-family:tahoma,helvetica,sans-serif;text-decoration:underline}
.backTo a:active {color:#FFF;font-family:tahoma,helvetica,sans-serif;text-decoration:underline}
.backTo a:hover {color:#DFDFDF;font-family:tahoma,helvetica,sans-serif;text-decoration:none}
.backToContainer {padding: 4px 0 4px 0}
.vuln_info {font-weight:bold;text-decoration:underline}
.scan_time {font-weight:bold;text-decoration:underline}
.host_info {font-weight:bold;text-decoration:underline}
.plugin_sev_low {background-color:#397AB2}
.plugin_sev_med {background-color:#FDBE00}
.plugin_sev_high {background-color:red}
.plugin_label {color:#FFF;font-weight:bold;padding:3px}
.port_header {background-color:#67889f}
.port_header_label {font-weight:bold;color:#FFF;padding: 3px}
.toggle {color: #FFF}
.divider {padding-top: 2px}
.info_text {padding-left: 8px;}
.default_header {background-color:#67889f}
.info_bg {background-color:#EEF2F3; }
.plugin_output {
width: 600px;
overflow: auto;
white-space: -moz-pre-wrap; /* Mozilla */
white-space: -hp-pre-wrap; /* HP printers */
white-space: -o-pre-wrap; /* Opera 7 */
white-space: -pre-wrap; /* Opera 4-6 */
white-space: pre-wrap; /* CSS 2.1 */
white-space: pre-line; /* CSS 3 (and 2.1 as well, actually) */
word-wrap: break-word; /* IE */
}
</style>
<script type="text/javascript"> 
function toggle(divId)
{
	var divObj = document.getElementById(divId);
 
	if (divObj) {
		var displayType = divObj.style.display;
		if (displayType == "" || displayType == "block") {
			divObj.style.display = "none";
		} else {
			divObj.style.display = "block";
		}	
	}
}
</script>
</head><body>
<a name="toc"></a><table width="70%" align="center" border="0" cellpadding="0" cellspacing="0">
<tbody><tr class="default_header"><td class="hostlist" align="left">List of hosts</td></tr>
<tr><td>
<table width="100%" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="even">
<td width="60%"><a href="#toc_172.16.20.5">172.16.20.5</a></td>
<td class="sev_high" width="40%" align="right">High Severity problem(s) found</td>
</tr>
</tbody></table>
</td></tr>
</tbody></table>
<a name="toc_172.16.20.5"></a><div class="backToContainer">
<table width="70%" align="center" border="0" cellpadding="0" cellspacing="0">
<tbody><tr><td class="backTo" align="right"><a href="#toc">[^] Back</a></td></tr>
</tbody></table>
</div>
<table width="70%" align="center" border="0" cellpadding="0" cellspacing="0">
<tbody><tr class="default_header"><td class="ip_sev_med" align="left">172.16.20.5</td></tr>
<tr class="info_bg"><td>
<table width="100%" border="0" cellpadding="2" cellspacing="0">
<tbody><tr><td>
<span class="scan_time">Scan Time</span><br><table width="60%" align="center" border="0">
<tbody><tr>
<td align="left">Start time : </td>
<td align="right">Sat Feb 26 14:52:21 2011</td>
</tr>
<tr>
<td align="left">End time : </td>
<td align="right">Sat Feb 26 14:53:15 2011</td>
</tr>
</tbody></table>
</td></tr>
<tr><td colspan="2"><hr></td></tr>
<tr><td>
<span class="vuln_info">Number of vulnerabilities</span><br><table width="60%" align="center" border="0">
<tbody><tr>
<td align="left">Open ports : </td>
<td align="right">3</td>
</tr>
<tr>
<td class="sev_high" align="left">High : </td>
<td class="sev_high" align="right">5</td>
</tr>
<tr>
<td class="sev_med" align="left">Medium : </td>
<td class="sev_med" align="right">0</td>
</tr>
<tr>
<td class="sev_low" align="left">Low : </td>
<td class="sev_low" align="right">17</td>
</tr>
</tbody></table>
</td></tr>
<tr><td colspan="2"><hr></td></tr>
<tr><td>
<span class="host_info">Remote host information</span><br><table width="60%" align="center" border="0">
<tbody><tr>
<td align="left">Operating System : </td>
<td align="right">Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3</td>
</tr>
<tr>
<td align="left">NetBIOS name : </td>
<td align="right">IT-42DA17A77991</td>
</tr>
<tr><td align="left">DNS name : </td></tr>
</tbody></table>
</td></tr>
</tbody></table>
</td></tr>
</tbody></table>
<div class="backToContainer">
<table width="70%" align="center" border="0" cellpadding="0" cellspacing="0">
<tbody><tr><td class="backTo" align="right"><a href="#toc_172.16.20.5">[^] Back to 172.16.20.5</a></td></tr>
</tbody></table>
</div>

			<br><a name="172.16.20.5_general(0/general)"></a><table width="70%" align="center" border="0" cellpadding="2" cellspacing="0"><tbody><tr class="port_header" onclick='toggle("172.16.20.5_general_0")' onmouseover="this.style.cursor='pointer'" title="Collapse/Expand">
<td class="port_header_label" align="left">Port general (0/udp)</td>
<td class="toggle" align="right">[-/+]</td>
</tr></tbody></table>
<div id="172.16.20.5_general_0" class="divider">
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_high"><td class="plugin_label" align="left">MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (uncredentialed check)</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>Arbitrary code can be executed on the remote host due to a flaw in the
'Server' service.<br><br><b>Description:</b><br>The remote host is vulnerable to a buffer overrun in the 'Server'
service that may allow an attacker to execute arbitrary code on the
remote host with the 'System' privileges.<br><br><b>Risk factor:</b><br>Critical<br><br><b>CVSS Base Score:</b>10.0<br>CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C<br><br><b>Solution:</b><br>Microsoft has released a set of patches for Windows 2000, XP, 2003,
Vista and 2008 :

http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=34477">34477</a><br><br><b>CVE: </b><br>CVE-2008-4250<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/31874">31874</a><br><br><b>Other references: </b><br>OSVDB:49243, CWE:94, MSFT:MS08-067</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">Traceroute Information</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>It was possible to obtain traceroute information.<br><br><b>Description:</b><br>Makes a traceroute to the remote host.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>For your information, here is the traceroute from 172.16.30.5 to 172.16.20.5 : 
172.16.30.5
172.16.30.1
172.16.20.5
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=10287">10287</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">Nessus Scan Information</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>Information about the Nessus scan.<br><br><b>Description:</b><br>This script displays, for each tested host, information about the scan itself:

 - The version of the plugin set
 - The type of plugin feed (HomeFeed or ProfessionalFeed)
 - The version of the Nessus Engine
 - The port scanner(s) used
 - The port range scanned
 - The date of the scan
 - The duration of the scan
 - The number of hosts scanned in parallel
 - The number of checks done in parallel<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>Information about this scan : 

Nessus version : 4.4.0
Plugin feed version : 201102260034
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 172.16.30.5
Port scanner(s) : nessus_tcp_scanner nessus_syn_scanner 
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
CGI scanning : disabled
Web application tests : disabled
Max hosts : 100
Max checks : 5
Recv timeout : 5
Backports : None
Scan Start Date : 2011/2/26 14:52
Scan duration : 54 sec
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=19506">19506</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">Common Platform Enumeration (CPE)</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>It is possible to enumerate CPE names that matched on the remote
system.<br><br><b>Description:</b><br>By using information obtained from a Nessus scan, this plugin reports
CPE (Common Platform Enumeration) matches for various hardware and
software products found on a host.  

Note that if an official CPE is not available for the product, this
plugin computes the best possible CPE based on the information
available from the scan.<br><br><b>Risk factor:</b><br>None<br><br><b>See also:</b><br>http://cpe.mitre.org/<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>
The remote operating system matched the following CPEs : 

  cpe:/o:microsoft:windows_xp::sp2 -&gt; Microsoft Windows XP Service Pack 2
  cpe:/o:microsoft:windows_xp::sp3 -&gt; Microsoft Windows XP Service Pack 3
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=45590">45590</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">OS Identification</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>It is possible to guess the remote operating system<br><br><b>Description:</b><br>Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...) 
it is possible to guess the name of the remote operating system in use, and
sometimes its version<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>N/A<br><br><b>Plugin output:</b><br>
Remote operating system : Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Confidence Level : 99
Method : MSRPC

 
The remote host is running one of these operating systems : 
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=11936">11936</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">Ethernet card brand</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The manufacturer can be deduced from the Ethernet OUI.<br><br><b>Description:</b><br>Each ethernet MAC address starts with a 24-bit 'Organizationally 
Unique Identifier'.
These OUI are registered by IEEE.<br><br><b>Risk factor:</b><br>None<br><br><b>See also:</b><br>http://standards.ieee.org/faqs/OUI.html<br><br><b>See also:</b><br>http://standards.ieee.org/regauth/oui/index.shtml<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>
The following card manufacturers were identified :

00:0c:29:e6:60:01 : VMware, Inc.
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=35716">35716</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">VMware Virtual Machine Detection</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote host seems to be a VMware virtual machine.<br><br><b>Description:</b><br>According to the MAC address of its network adapter, the remote host
is a VMware virtual machine. 

Since it is physically accessible through the network, ensure that its
configuration matches your organization's security policy.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=20094">20094</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">TCP/IP Timestamps Supported</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>The remote service implements TCP timestamps.<br><br><b>Description:</b><br>The remote host implements TCP timestamps, as defined by RFC1323.  A
side effect of this feature is that the uptime of the remote host can
sometimes be computed.<br><br><b>Risk factor:</b><br>None<br><br><b>See also:</b><br>http://www.ietf.org/rfc/rfc1323.txt<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=25220">25220</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">ICMP Timestamp Request Remote Date Disclosure</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>It is possible to determine the exact time set on the remote host.<br><br><b>Description:</b><br>The remote host answers to an ICMP timestamp request.  This allows an
attacker to know the date which is set on your machine. 

This may help him to defeat all your time-based authentication
protocols.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>Filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).<br><br><b>Plugin output:</b><br>The ICMP timestamps seem to be in little endian format (not in network format)
The difference between the local and remote clocks is 1 second.
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=10114">10114</a><br><br><b>CVE: </b><br>CVE-1999-0524<br><br><b>Other references: </b><br>OSVDB:94, CWE:200</div>
</td></tr>
</tbody></table>
</div>
			<br><a name="172.16.20.5_ntp(123/ntp)"></a><table width="70%" align="center" border="0" cellpadding="2" cellspacing="0"><tbody><tr class="port_header" onclick='toggle("172.16.20.5_ntp_123")' onmouseover="this.style.cursor='pointer'" title="Collapse/Expand">
<td class="port_header_label" align="left">Port ntp (123/udp)</td>
<td class="toggle" align="right">[-/+]</td>
</tr></tbody></table>
<div id="172.16.20.5_ntp_123" class="divider">
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">Network Time Protocol (NTP) Server Detection</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>An NTP server is listening on the remote host.<br><br><b>Description:</b><br>An NTP (Network Time Protocol) server is listening on this port.  It
provides information about the current date and time of the remote
system and may provide system information.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=10884">10884</a>
</div>
</td></tr>
</tbody></table>
</div>
			<br><a name="172.16.20.5_epmap(135/epmap)"></a><table width="70%" align="center" border="0" cellpadding="2" cellspacing="0"><tbody><tr class="port_header" onclick='toggle("172.16.20.5_epmap_135")' onmouseover="this.style.cursor='pointer'" title="Collapse/Expand">
<td class="port_header_label" align="left">Port epmap (135/tcp)</td>
<td class="toggle" align="right">[-/+]</td>
</tr></tbody></table>
<div id="172.16.20.5_epmap_135" class="divider"></div>
			<br><a name="172.16.20.5_netbios-ns(137/netbios-ns)"></a><table width="70%" align="center" border="0" cellpadding="2" cellspacing="0"><tbody><tr class="port_header" onclick='toggle("172.16.20.5_netbios-ns_137")' onmouseover="this.style.cursor='pointer'" title="Collapse/Expand">
<td class="port_header_label" align="left">Port netbios-ns (137/udp)</td>
<td class="toggle" align="right">[-/+]</td>
</tr></tbody></table>
<div id="172.16.20.5_netbios-ns_137" class="divider">
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">Windows NetBIOS / SMB Remote Host Information Disclosure</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>It is possible to obtain the network name of the remote host.<br><br><b>Description:</b><br>The remote host listens on UDP port 137 or TCP port 445 and replies to 
NetBIOS nbtscan or SMB requests.

Note that this plugin gathers information to be used in other plugins
but does not itself generate a report.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>The following 6 NetBIOS names have been gathered :

 IT-42DA17A77991  = Computer name
 WORKGROUP        = Workgroup / Domain name
 IT-42DA17A77991  = File Server Service
 WORKGROUP        = Browser Service Elections
 WORKGROUP        = Master Browser
 __MSBROWSE__     = Master Browser

The remote host has the following MAC address on its adapter :
   00:0c:29:e6:60:01<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=10150">10150</a>
</div>
</td></tr>
</tbody></table>
</div>
			<br><a name="172.16.20.5_smb(139/smb)"></a><table width="70%" align="center" border="0" cellpadding="2" cellspacing="0"><tbody><tr class="port_header" onclick='toggle("172.16.20.5_smb_139")' onmouseover="this.style.cursor='pointer'" title="Collapse/Expand">
<td class="port_header_label" align="left">Port smb (139/tcp)</td>
<td class="toggle" align="right">[-/+]</td>
</tr></tbody></table>
<div id="172.16.20.5_smb_139" class="divider">
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">SMB Service Detection</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>A file / print sharing service is listening on the remote host.<br><br><b>Description:</b><br>The remote service understands the CIFS (Common Internet File System)
or Server Message Block (SMB) protocol, used to provide shared access
to files, printers, etc between nodes on a network.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>
An SMB server is running on this port.
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=11011">11011</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
</div>
			<br><a name="172.16.20.5_cifs(445/cifs)"></a><table width="70%" align="center" border="0" cellpadding="2" cellspacing="0"><tbody><tr class="port_header" onclick='toggle("172.16.20.5_cifs_445")' onmouseover="this.style.cursor='pointer'" title="Collapse/Expand">
<td class="port_header_label" align="left">Port cifs (445/tcp)</td>
<td class="toggle" align="right">[-/+]</td>
</tr></tbody></table>
<div id="172.16.20.5_cifs_445" class="divider">
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_high"><td class="plugin_label" align="left">MS05-027: Vulnerability in SMB Could Allow Remote Code Execution (896422) (uncredentialed check)</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>Arbitrary code can be executed on the remote host due to a flaw in the
SMB implementation.<br><br><b>Description:</b><br>The remote version of Windows contains a flaw in the Server Message
Block (SMB) implementation that may allow an attacker to execute
arbitrary code on the remote host. 

An attacker does not need to be authenticated to exploit this flaw.<br><br><b>Risk factor:</b><br>Critical<br><br><b>CVSS Base Score:</b>10.0<br>CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C<br><br><b>Solution:</b><br>Microsoft has released a set of patches for Windows 2000, XP and
2003 :

http://www.microsoft.com/technet/security/bulletin/ms05-027.mspx<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=18502">18502</a><br><br><b>CVE: </b><br>CVE-2005-1206<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/13942">13942</a><br><br><b>Other references: </b><br>IAVA:2005-t-0019, OSVDB:17308, MSFT:MS05-027</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_high"><td class="plugin_label" align="left">MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159) (uncredentialed check)</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>Arbitrary code can be executed on the remote host due to a flaw in the
'Server' service.<br><br><b>Description:</b><br>The remote host is vulnerable to a heap overflow in the 'Server' service
that may allow an attacker to execute arbitrary code on the remote
host with 'SYSTEM' privileges. 

In addition to this, the remote host is also affected by an
information disclosure vulnerability in SMB that may allow an attacker
to obtain portions of the memory of the remote host.<br><br><b>Risk factor:</b><br>High<br><br><b>CVSS Base Score:</b>7.5<br>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P<br><br><b>Solution:</b><br>Microsoft has released a set of patches for Windows 2000, XP and
2003 :

http://www.microsoft.com/technet/security/bulletin/ms06-035.mspx<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=22034">22034</a><br><br><b>CVE: </b><br>CVE-2006-1314, CVE-2006-1315<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/18863">18863</a>, <a href="http://www.securityfocus.com/bid/18891">18891</a><br><br><b>Other references: </b><br>OSVDB:27154, OSVDB:27155, MSFT:MS06-035</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_high"><td class="plugin_label" align="left">MS09-001: Microsoft Windows SMB Vulnerabilities Remote Code Execution (958687) (uncredentialed check)</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>It is possible to crash the remote host due to a flaw in SMB.<br><br><b>Description:</b><br>The remote host is affected by a memory corruption vulnerability in
SMB that may allow an attacker to execute arbitrary code or perform a
denial of service against the remote host.<br><br><b>Risk factor:</b><br>Critical<br><br><b>CVSS Base Score:</b>10.0<br>CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C<br><br><b>Solution:</b><br>Microsoft has released a set of patches for Windows 2000, XP, 2003,
Vista and 2008 :

http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=35362">35362</a><br><br><b>CVE: </b><br>CVE-2008-4834, CVE-2008-4835, CVE-2008-4114<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/31179">31179</a>, <a href="http://www.securityfocus.com/bid/33121">33121</a>, <a href="http://www.securityfocus.com/bid/33122">33122</a><br><br><b>Other references: </b><br>OSVDB:48153, OSVDB:52691, OSVDB:52692, MSFT:MS09-001</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_high"><td class="plugin_label" align="left">MS06-040: Vulnerability in Server Service Could Allow Remote Code Execution (921883) (uncredentialed check)</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>Arbitrary code can be executed on the remote host due to a flaw in the
'Server' service.<br><br><b>Description:</b><br>The remote host is vulnerable to a buffer overrun in the 'Server'
service that may allow an attacker to execute arbitrary code on the
remote host with 'SYSTEM' privileges.<br><br><b>Risk factor:</b><br>Critical<br><br><b>CVSS Base Score:</b>10.0<br>CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C<br><br><b>Solution:</b><br>Microsoft has released a set of patches for Windows 2000, XP and
2003 :

http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=22194">22194</a><br><br><b>CVE: </b><br>CVE-2006-3439<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/19409">19409</a><br><br><b>Other references: </b><br>OSVDB:27845, MSFT:MS06-040</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">SMB Registry : Nessus Cannot Access the Windows Registry</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>Nessus is not able to access the remote Windows Registry.<br><br><b>Description:</b><br>It was not possible to connect to PIPE\winreg on the remote host.

If you intend to use Nessus to perform registry-based checks, the
registry checks will not work because the 'Remote Registry Access'
service (winreg) has been disabled on the remote host or can not be
connected to with the supplied credentials.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>Could not connect to the registry because:
Could not connect to \winreg<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=26917">26917</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">SMB LanMan Pipe Server Listing Disclosure</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>It is possible to obtain network information.<br><br><b>Description:</b><br>It was possible to obtain the browse list of the remote Windows system
by sending a request to the LANMAN pipe.  The browse list is the list of
the nearest Windows systems of the remote host.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>
Here is the browse list of the remote host : 

IT-42DA17A77991 ( os : 5.1 )
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=10397">10397</a><br><br><b>Other references: </b><br>OSVDB:300</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">Windows SMB NULL Session Authentication</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>It is possible to log into the remote Windows host with a NULL
session.<br><br><b>Description:</b><br>The remote host is running Microsoft Windows, and it was possible to
log into it using a NULL session (i.e., with no login or password).  An
unauthenticated remote attacker can leverage this issue to get
information about the remote host.<br><br><b>Risk factor:</b><br>None<br><br><b>See also:</b><br>http://support.microsoft.com/kb/q143474/<br><br><b>See also:</b><br>http://support.microsoft.com/kb/q246261/<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=26920">26920</a><br><br><b>CVE: </b><br>CVE-1999-0519, CVE-1999-0520, CVE-2002-1117<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/494">494</a><br><br><b>Other references: </b><br>OSVDB:299</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">SMB Log In Possible</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>It is possible to log into the remote host.<br><br><b>Description:</b><br>The remote host is running Microsoft Windows operating
system or Samba, a CIFS/SMB server for Unix.  It was 
possible to log into it using one of the following 
accounts :

- NULL session
- Guest account
- Given Credentials<br><br><b>Risk factor:</b><br>None<br><br><b>See also:</b><br>http://support.microsoft.com/support/kb/articles/Q143/4/74.ASP<br><br><b>See also:</b><br>http://support.microsoft.com/support/kb/articles/Q246/2/61.ASP<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>- NULL sessions are enabled on the remote host
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=10394">10394</a><br><br><b>CVE: </b><br>CVE-1999-0504, CVE-1999-0505, CVE-1999-0506, CVE-2000-0222, CVE-2002-1117, CVE-2005-3595<br><br><b>BID: </b><br><a href="http://www.securityfocus.com/bid/494">494</a>, <a href="http://www.securityfocus.com/bid/990">990</a>, <a href="http://www.securityfocus.com/bid/11199">11199</a><br><br><b>Other references: </b><br>OSVDB:297, OSVDB:3106, OSVDB:8230, OSVDB:10050</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">SMB NativeLanManager Remote System Information Disclosure</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>It is possible to obtain information about the remote operating
system.<br><br><b>Description:</b><br>It is possible to get the remote operating system name and
version (Windows and/or Samba) by sending an authentication
request to port 139 or 445.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>The remote Operating System is : Windows 5.1
The remote native lan manager is : Windows 2000 LAN Manager
The remote SMB Domain Name is : IT-42DA17A77991
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=10785">10785</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
<table width="70%" align="center" border="0" cellpadding="2" cellspacing="0">
<tbody><tr class="plugin_sev_low"><td class="plugin_label" align="left">SMB Service Detection</td></tr>
<tr class="info_bg"><td colspan="2" class="info_text">
<div class="plugin_output">
<br><b>Synopsis:</b><br>A file / print sharing service is listening on the remote host.<br><br><b>Description:</b><br>The remote service understands the CIFS (Common Internet File System)
or Server Message Block (SMB) protocol, used to provide shared access
to files, printers, etc between nodes on a network.<br><br><b>Risk factor:</b><br>None<br><br><b>Solution:</b><br>n/a<br><br><b>Plugin output:</b><br>
A CIFS server is running on this port.
<br><br><b>Plugin ID:</b><br><a href="http://www.nessus.org/plugins/index.php?view=single&amp;id=11011">11011</a>
</div>
</td></tr>
</tbody></table>
<div class="divider">
</div>
</div>
<div class="backToContainer">
<table width="70%" align="center" border="0" cellpadding="0" cellspacing="0">
<tbody><tr><td class="backTo" align="right"><a href="#toc_172.16.20.5">[^] Back to 172.16.20.5</a></td></tr>
</tbody></table>
</div>
</body></html>